Allow match selecting of current certificate.

If pointer comparison for current certificate fails check to see if a match using X509_cmp succeeds for the current certificate: this is useful for cases where the certificate pointer is not available.

Allow match selecting of current certificate.
If pointer comparison for current certificate fails check to see if a match using X509_cmp succeeds for the current certificate: this is useful for cases where the certificate pointer is not available.
629b640b · Dr. Stephen Henson · 7b6b246f · 629b640b
隐藏空白更改
内联并排

Showing with 11 addition and 0 deletion

ssl/ssl_cert.c ssl/ssl_cert.c +11 -0

未找到文件。
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -602,6 +602,8 @@ int ssl_cert_add1_chain_cert(CERT *c, X509 *x)
 int ssl_cert_select_current(CERT *c, X509 *x)
 	{
 	int i;
+	if (x == NULL)
+		return 0;
 	for (i = 0; i < SSL_PKEY_NUM; i++)
 		{
 		if (c->pkeys[i].x509 == x)
@@ -610,6 +612,15 @@ int ssl_cert_select_current(CERT *c, X509 *x)
 			return 1;
 			}
 		}
+	for (i = 0; i < SSL_PKEY_NUM; i++)
+		{
+		if (c->pkeys[i].x509 && !X509_cmp(c->pkeys[i].x509, x))
+			{
+			c->key = &c->pkeys[i];
+			return 1;
+			}
+		}
 	return 0;
 	}